As computers become more integrated into our society, the need for computer security drastically increases. Recently, Internet commerce has experienced a vast growth over the computer networks of the world. Unfortunately, unless Internet commerce is adequately protected, using full-proof computer security mechanisms, the potential for computer piracy may one day erode consumer confidence. In other words, computer users which provide confidential information to acquire products and services must have adequate insurance that the information will not be intercepted by computer pirates.
As a result, many computer systems now incorporate vital security features such as encryption, source verification, trusted environment, as well as additional security features. As such, current online computer systems generally rely on transitive trust relationships. The public key infrastructure (PKI) is an example of such a transitive trust model. Under the public key infrastructure, a certification authority may provide an individual with a private key that only the user is aware of.
Accordingly, when the user provides information, it may be encrypted using the computer user's private key. As such, a recipient of the encrypted information may obtain a public key to decrypt the encrypted information by contacting a certification authority. In addition, a source of information may also be authenticated by digitally signing messages, which may also be decrypted to verify a source of information.
As one can see, the PKI provides mechanisms which ensure security for one-to-one relationships. However, relationships can quickly grow beyond one-to-one interactions, which require transitive trust to ensure security. Unfortunately, trust is generally not transitive. For example, an individual may trust a certification authority and receive an issued extrinsic certificate from the certification authority. Following issuance of the certificate, the certification authority may decide to trust a further individual and grant the individual access and control to all of the issued certificates, including of course the initial individual's certificate.
Unfortunately, the initial individual may not trust the subsequent individual which is trusted by the certification authority. Accordingly, had the individual known that the certification authority trusted the subsequent individual prior to issuance of the certificate, the individual probably would not have requested the certificate. As such, the problem illustrates that transitive trust is neither symmetric nor transitive nor distributed. In other words, the only reliable trust is self-trust, which cannot have an unknown subsequent individual which is trusted by the certification authority following an initial formation of trust. Although trust of a third party is not always unreliable, it cannot always be reliably estimated.
In some computer systems, the user or system administrator may desire to load a trustable operating system. By trustable, what is meant is that the user, or a third party requires a mechanism for inspecting the system and determining whether a given operating system was loaded. Once verification of loading of the operating system is complete, an outside agent may also desire to determine whether the operating system was loaded in the secure environment. Unfortunately, this capability cannot be supported with conventional transitive trust models, such as the public key infrastructure. Therefore, there remains a need to overcome one or more of the limitations in the above-described existing art.